Access control rules allow you to control access from public network users by matching HTTP message sections such as request path, GET parameters, POST parameters, Referer, and User-Agent. This feature enables Tencent Cloud users to respond flexibly with a combination of rules to easily block various cyber attacks.
- Each rule can contain up to 5 conditions.
- Conditions in each rule are evaluated using a logical AND, that is, the rule does not take effect unless all the conditions are matched.
- Each rule supports four actions: Block, CAPTCHA, Observe, and Redirect.
  - Block: Enables WAF to block access requests that hit the specified rule.
  - CAPTCHA: Enables WAF to verify access requests that hit the specified rule.
  - Observe: Enables WAF to observe access requests that hit the specified rule.
  - Redirect: Enables WAF to redirect access requests that hit the specified rule.
- Priority: The value range is 1-100. A smaller number represents higher priority.
To ban specific IP addresses from access to a designated site, the webmaster can perform configuration with the following steps:
Log in to the WAF console and click Configuration Center > Basic Security on the left sidebar.
On the basic security page, select the target domain name in the top-left corner and click Access control.
On the access control page, click Add rule, and the rule adding window will pop up.
Enter the name of the rule (e.g. "001"), select an option (such as "source IP") for Field, select "Match" for Logical operator, and enter the source IP (e.g. 192.168.1.1) banned from access for Content. Then select an action (e.g. "Block"), and click OK to save the rule.
WAF access control rules allow you to use masks to control access requests from source IPs within a range. We can enter a specific IP address range (e.g. 10.10.10.10/24) in Content.
The rule now takes effect immediately and blocks all HTTP access requests from the specified source IPs.
If the webmaster does not want public network users to access specified web resources, such as the administration backend /admin.html, he or she can configure the rule as follows: select "Request Path" for Field, select "Equal to" for Condition, enter /admin.html in Content, select "Block" for Action, and click OK.
To block hotlinking by external sites, such as www.test.com, the webmaster can use access control rules to match and block the Referer in a hotlink request. The configuration is as follows: select "Referer" for Field, select "Include" for Condition, enter www.test.com in Content, select "Block" for Action, and click OK.
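The following added example (not Tencent Cloud code) models the rule semantics described above so that a rule set can be checked against sample requests before it is entered in the console. It assumes that the highest-priority matching rule decides the action; the field and operator names, rule "004", the priorities, and the sample requests are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Simplified model of the matching described above (assumption, not the WAF's code).
OPERATORS = {
    "match_ip": lambda value, content: ipaddress.ip_address(value)
    in ipaddress.ip_network(content, strict=False),  # accepts 10.10.10.10/24
    "equal": lambda value, content: value == content,
    "include": lambda value, content: content in value,
}

@dataclass
class Rule:
    name: str
    conditions: list  # (field, operator, content) tuples, ANDed together
    action: str       # Block, CAPTCHA, Observe or Redirect
    priority: int     # 1-100, smaller number = higher priority

    def __post_init__(self):
        if not (1 <= len(self.conditions) <= 5 and 1 <= self.priority <= 100):
            raise ValueError("need 1-5 conditions and a priority in 1-100")

    def hits(self, request):
        return all(OPERATORS[op](request[field], content)
                   for field, op, content in self.conditions)

def evaluate(rules, request):
    """Return (name, action) of the highest-priority rule hit, or None."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.hits(request):
            return rule.name, rule.action
    return None

def req(ip, path, referer="", ua="Mozilla/5.0"):  # constructed sample request
    return {"source_ip": ip, "path": path, "referer": referer, "user_agent": ua}

# Rules 001-003 follow the text; rule 004 and all priorities are constructed.
RULES = [
    Rule("001", [("source_ip", "match_ip", "10.10.10.10/24")], "Block", 10),
    Rule("002", [("path", "equal", "/admin.html")], "Block", 20),
    Rule("003", [("referer", "include", "www.test.com")], "Block", 30),
    Rule("004", [("path", "equal", "/login.html"),
                 ("user_agent", "include", "curl")], "CAPTCHA", 5),
]

if __name__ == "__main__":
    for r in (req("10.10.10.77", "/"), req("203.0.113.5", "/admin.html"),
              req("10.10.10.77", "/login.html", ua="curl/8.0")):
        print(r["source_ip"], r["path"], "->", evaluate(RULES, r))
```

Rule "004" hits only when both of its conditions match, and because its priority number is smaller it is chosen over rule "001" for a request that hits both.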
You can copy the rule you configured to other domain names by using the copy operation.